Posted in October, 2014

One of the OS X Yosemite features I had been looking forward to brings Netflix HTML5 streams to Safari. It’s supposed to drastically increase battery life and also takes away the last reason to have Silverlight installed.

But I uninstalled Silverlight and Netflix wouldn’t stop telling me I need to install Silverlight to watch anything. I found these requirements listed on the support site:

  • Early 2011 model or newer Mac
  • OS X 10.11 [sic] Yosemite or newer OS
  • Certain late Intel Sandy Bridge or any Intel Ivy Bridge/Haswell processor

As someone with a mid-2010 MacBook Pro that has a Core 2 Duo, this was really disappointing to discover. But it turns out Chrome has included the DRM components necessary for a while. Watching Netflix with HTML5 is as simple as installing Chrome.

If it doesn’t work right away, try going to chrome://components and seeing if the WidevineCdm component is installed. If it isn’t, click Check for update and it should install it. Once I installed this, Netflix started to stream perfectly without a trace of Silverlight in my system.

Thanks to the free [Namecheap]([^1] SSL certificate included with the GitHub Student Developer Pack, I’ve moved my site over to HTTPS permanently.

After dealing with infinite redirect loops for almost an hour, it turns out on NearlyFreeSpeech you need this extra block of code in your wp-config.php:

if ( $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' )
    $_SERVER['HTTPS'] = 'on';

Beyond that, it’s simply a matter of setting your WordPress URLs to the https version. I also have the following in my .htaccess file:

Header set Strict-Transport-Security "max-age=10886400; includeSubDomains" "expr=%{req_novary:X-Forwarded-Proto}=='https'"

RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]

The first line sets an HTTP Strict Transport Security header that tells the browser to always use https for the specified time (10886400 seconds is 18 weeks). The next two lines permanently redirect any insecure URL to the https version.